FIRST Special Interest Groups (SIG)

A new set of guidelines has been produced by FIRST, in collaboration with the National Telecommunications and Information Administration (NTIA). The document is aimed at anyone involved in multi-party vulnerability disclosures – from security researchers to incident response teams. The updated advice (version 1.1) was unveiled earlier this month to address shortcomings in how multiple parties should engage and cooperate during the security vulnerability disclosure process.

July 12th, 2019 - The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system designed to provide open and universally standard severity ratings of software vulnerabilities for the security community. Used by organizations worldwide, version 3.1 documentation is now available on the FIRST website for members and non-members to reference.

FIRST is pleased to announce the creation of two new Special Interest Groups: PSIRT and Cyber Insurance! The PSIRT SIG is developing learning materials to support the evolution of PSIRTs at all maturity levels, and the Cyber Insurance SIG is coordinating data sharing and providing a feedback mechanism between CERTs and Cyber Insurance organizations.

The comment period for the "Guidelines and Practices for Multi-Party Vulnerability Coordination", published by the Vulnerability Coordination SIG, was extended to February 28th, 2017. FIRST invites anyone with an interest in this area to review the current draft, available from https://www.first.org/global/sigs/vulnerability-coordination/multiparty, and provide comments for consideration.

FIRST has formed the Red Teaming SIG. Interested participants who are part of an existing Red Team or in the process of forming one should send a request to be added to the mail list to first-sec@first.org